Similar to operating system fingerprinting, this technique uses unique fingerprints that are available on each version of a web application to determine which one is being used.

What these fingerprints are, depend on the web application, but generally we can use .js (javascript) , .css and a few other files that are available and we can access the source remotely. We can’t do the same with .php, because it will not return the source (only the executed output).

To create the fingerprints, we need download the packages for different versions and perform a diff between each of them. After that, we compare the diffs looking for unique patterns present on each version.

To exemplify this technique we are going to use WordPress, since it is widely used and have an archive with all their versions. For closed-source applications, it can still work, but require getting access to a few installations with known versions to create the baselines.

Network-based integrity monitoring offers additional protection that you don’t get by anti-viruses or traditional intrusion detection tools. Sucuri NBIM will monitor your internet presence, looking for changes that might have been caused by a hacker (internet vandal), malware or even by an internal employee by mistake.

This document is not the common step-by-step guide on how to protect your wordpress installation. A lot of sites cover that already, so I will talk about some additional topics that you don’t see around very often, specially torwards security with obscurity.

I am not propagating that just by hiding the version of wordpress is going to make you more secure, but the truth is, why SHOULD ANYONE know that? No user of your site needs to know your wordpress version or Apache or PHP version. Good security practices always specify that the minimum privilege (or information) that you give, the better.